Method and device for monitoring enablement of an electrical apparatus connected to a power grid

ABSTRACT

The invention concerns a method and a device for monitoring enablement of an electrical apparatus connected to a power grid. The method consists in: transmitting (A) from a specialised transmitter (ES) to the electrical apparatus (EA) a coded information message comprising an enablement information, in accordance with an enablement control code; and in receiving (B) by means of a receiver (R) equipping the electrical apparatus (EA) said information message. The latter is decoded (C) in accordance with specific enablement data integrated in the receiver (R) to generate decoded enablement data. The enablement of the electrical apparatus (EA) is granted (D, E) if the decoded data are in conformity with the integrated specific enablement data and enablement is refused (D, F) otherwise. The invention is useful for protecting electrical appliances against theft, for managing service delivery on a distant site, monitoring contractual terms.

[0001] The invention relates to a method and a device for monitoringauthorization of an electrical apparatus connected, or coupled, to anetwork.

[0002] At the present time, electrical kit is tending to ensure theexecution of ever more diverse and varied functions or serviceprovisions.

[0003] Such is the case in particular when this electrical kit consistsof domestic electrical apparatuses referred to as brown goods, such astelevision receivers, radio receivers, video recorders, hi-fis, or whitegoods, refrigerators, washing machines of laundry, dishwasher or othertype, or electrical apparatuses for the office or for domestic use, suchas microcomputers and their peripherals, printers or the like.

[0004] For all these apparatuses, which represent a sizeable asset valuefor each user, the concept of authorization covers not only the conceptof authorization of contractual origin for the execution of the functionor of the service provision for which each apparatus is intended, butalso the concept of authorization of legal origin for the execution ofthis function or of this service provision in favor of the legalcustodian of the relevant apparatus, and not of any intruder who haspurloined this apparatus or, as the case may be, the service provisionaccess rights associated with this apparatus.

[0005] The object of the present invention is the implementation of amethod and a device for monitoring authorization of an electricalapparatus connected to a network, allowing, in particular, the executionof a function for surveillance of the location of this electricalapparatus at a specified place in a surveillance perimeter,authorization of use of this apparatus being conferred upon thisapparatus when the latter is situated at the aforesaid specified placein this surveillance perimeter, nonauthorization of use of thisapparatus being conferred on the latter otherwise. In general, it isindicated that the concept of network, to which the electrical apparatusis connected, covers, on the one hand, the concept of communicatingnetwork, and, on the other hand, the concept of electrical energydistribution or supply network. Thus, the concept of communicatingnetwork covers any type of network making it possible to ensure theexchange of messages between the electrical apparatus and a specifiedsite, such as an ATM or INTERNET network, GSM network in particular.

[0006] Likewise, the concept of electrical energy distribution or supplynetwork for the electrical apparatus covers the residential network,downstream of the meter, the electrical distribution network upstream ofthe meter.

[0007] Furthermore, when the technology of communication by carriercurrents generated on the electrical energy distribution or supplynetwork is used, this electrical energy distribution or supply networkconstitutes, furthermore, a communicating network.

[0008] Another object of the present invention is also theimplementation of a method and a device for monitoring authorization ofan electrical apparatus furthermore allowing the execution of a functionfor surveillance of the use of this electrical apparatus with regard toone or more contractual undertakings of use with a view to a serviceprovision, undertakings concluded between the user authorized to benefitfrom such a provision and any authorizing entity, creditor of this orthese undertakings, the authorization of use of this apparatus beingconferred on the latter when this use satisfies the undersignedcontractual undertakings, the nonauthorization of use of this apparatusbeing conferred on the latter otherwise.

[0009] Among the envisageable applications of the monitoring method anddevice which are the subjects of the present invention, mention may bemade in particular of the protection against the theft of the electricalapparatuses connected to a network, the monitoring of access to on-lineservices, in particular on payment of a subscription or within certaintime slots, the execution of service provisions which are remote inrelation to a central site.

[0010] The method for monitoring authorization of an electricalapparatus connected to a network, subject of the present invention, isimplemented on the basis of a specialized transmitter of informationmessages, the electrical apparatus subjected to authorization beingequipped with a receiver of information messages.

[0011] It is noteworthy in that it consists in sending from thespecialized transmitter to the electrical apparatus a coded informationmessage comprising at least one coded authorization information itemdependent on an authorization monitoring code, receiving thisinformation message by means of the receiver with which the electricalapparatus is equipped, decoding this coded information message as afunction of specific authorization data integrated into the receiver soas to generate decoded authorization information, instructing theauthorization of this electrical apparatus if the decoded informationsatisfies the specific integrated authorization data, instructing thenonauthorization of this electrical apparatus otherwise.

[0012] The method and the device for monitoring authorization of anelectrical apparatus connected to a network, which are subjects of thepresent invention, will be better understood on reading the descriptionand on looking at the drawings below in which:

[0013]FIG. 1 represents, by way of illustration, a flowchart of thesteps for implementing the protocol which is a subject of the presentinvention between a specialized transmitter and an electrical apparatuswhich are connected to a network;

[0014]FIG. 2a represents, by way of illustration, a diagram defining anauthorization monitoring zone or perimeter for any electrical apparatusconnected to a network implementing the protocol which is a subject ofthe present invention;

[0015]FIG. 2b represents, in an illustrative manner, a preferentialparticular form of the messages coded between an electrical apparatusand a specialized transmitter allowing the implementation of theprotocol which is a subject of the present invention;

[0016]FIG. 3a represents, by way of illustration, various signature andsignature verification processes implemented within the framework of theprotocol which is a subject of the present invention by the specializedtransmitter respectively by an electrical apparatus connected to anetwork;

[0017]FIG. 3b represents, by way of illustration, various signatureprocesses implemented within the framework of the protocol which is asubject of the present invention by the specialized transmitterrespectively by an electrical apparatus connected to a network, in themore specific case where the electrical apparatus makes it possible toensure, at a subscriber's, a service provision tied to the supplying ofa fluid or of an energy supply;

[0018]FIG. 4a represents, by way of illustration, various exchanges ofmessages between a specialized transmitter and an electrical apparatuswhich are to a network, the mode of exchange of these messages beingmonodirectional or bidirectional;

[0019]FIG. 4b represents, purely by way of illustration, a preferredembodiment of a network, of low-voltage electrical energy distributionnetwork type, particularly adapted to the exchange of messages between aspecialized transmitter and various electrical apparatuses connected tothis network by carrier currents;

[0020]FIG. 5a represents, by way of illustration, an exemplaryimplementation of the protocol which is a subject of the presentinvention within the framework of a service provision application suchas teleworking, a specialized transmitter being installed and connectedto the low-voltage electrical energy distribution network, at the levelof the electrical energy distribution meter, the electrical apparatus ofthe subscriber to the electrical energy distribution service and to theteleworking service, of which the latter is debtor, consisting of acomputer linked by an ATM network for example to a remote site playingthe role of authority for monitoring the teleworking service provisionor at the very least of creditor of this service provision;

[0021]FIG. 5b represents, by way of illustration, an exemplaryimplementation of the protocol which is a subject of the presentinvention within the framework of a service provision application, suchas a remote intervention, a specialized transmitter being installed andconnected to the low-voltage electrical energy distribution network, atthe level of the electrical energy distribution meter of the subscriberto the remote intervention service, of which the latter is creditor, andconsisting of any electrical apparatus catering for this remoteoperation, an operation such as periodic remote reading of theconsumption of this electrical apparatus, maintenance intervention whenthis apparatus is a computer apparatus, this apparatus being linked to asite remote from the service provider by an ATM network for example;

[0022]FIG. 6a represents, by way of illustration, the architecture of aspecialized transmitter in accordance with the subject of the presentinvention more particularly adapted to the sending of messages undermonodirectional communication;

[0023]FIG. 6b represents, by way of illustration, the architecture of aspecialized transmitter in accordance with the subject of the presentinvention and equipped with a receiver more particularly adapted to thesending and to the receiving of messages under bidirectionalcommunication;

[0024]FIG. 7a represents, by way of illustration, the architecture of areceiver in accordance with the subject of the present invention andassociated with an electrical apparatus, this type of receiver beingmore particularly adapted to the reception of messages undermonodirectional communication transmitted, for example, by thespecialized transmitter described in conjunction with FIG. 6a;

[0025]FIG. 7b represents, by way of illustration, the architecture of areceiver in accordance with the subject of the present invention andassociated with an electrical apparatus, this type of receiver beingmore particularly adapted to the exchange of messages underbidirectional communication with a specialized transmitter equipped witha receiver such as described in conjunction with FIG. 6b.

[0026] The method or protocol for monitoring authorization of anelectrical apparatus connected to a network in accordance with thesubject of the present invention, will now be described in conjunctionwith FIG. 1 and the following figures.

[0027] In a general manner, it is indicated that the method which is asubject of the present invention covers all concepts of authorization ofan electrical apparatus connected to a network and of course inoperational mode, at least in standby mode, and allowing either theexecution of a function for surveillance of the location of thiselectrical apparatus, or the execution of a function for surveillance ofthe use of this electrical apparatus with regard to one or morecontractual undertakings or conditions of use with a view to a serviceprovision, the authorization of use of this electrical apparatus beingconferred on the latter when this use satisfies the undersignedcontractual undertakings, and the nonauthorization of this apparatusbeing conferred on the latter in the converse case. For theimplementation of the method for monitoring authorization of anelectrical apparatus, which is a subject of the present invention, it isindicated that this method can be implemented on the basis of a specificspecialized transmitter, the electrical apparatus being equipped howeverwith a receiver of information messages and, as the case may be, with aretransmitter making it possible to ensure the sending of responsemessages to the aforesaid specialized transmitter, the specializedtransmitter and the electrical apparatus, and of course the receiver ofinformation messages as well as the retransmitter being connected to oneand the same network.

[0028] Network is understood to mean any type of communicating networkand in particular any network consisting of one of the networks from thegroup local computer network, extended computer network, local Hertziannetwork, cellular radio telephony network and of course, nonlimitingly,electrical energy distribution network equipped with sending of messagesby low-voltage carrier currents.

[0029] It is understood in particular that the aforesaid communicatingnetwork makes it possible, by virtue of the implementation of the methodwhich is a subject of the present invention, to exchange messagesbetween any authorized monitoring entity and at least one of theelectrical apparatuses equipped with a receiver of information messagesand also of course to exchange messages with the specialized transmitterof information messages allowing the implementation of the method whichis a subject of the aforesaid invention.

[0030] With reference to FIG. 1, it is indicated that the following arethus available: an electrical apparatus EA containing a receiver R,fitted as the case may be with a retransmitter or localized transmitterEL, and with a specialized transmitter ES, which are connected by theaforesaid communicating network.

[0031] Under these conditions, the method for monitoring authorizationwhich is a subject of the present invention consists, in a step A, insending from the specialized transmitter to the electrical apparatus EA,a coded information message, denoted MI, comprising at least one codedauthorization information item dependent on an authorization monitoringcode, then, in a step B, in receiving at the level of the receiver R, bymeans of the latter, the aforesaid coded information message MI.

[0032] Step B is then followed by a step C, at the level of the receiverR, consisting in decoding the coded information message MI as a functionof specific authorization data integrated into the receiver R so as togenerate decoded authorization information, this decoded authorizationinformation being denoted DIS.

[0033] Step C is itself followed, at the level of the receiver R, andhence of the electrical apparatus EA, by a test procedure D consistingin verifying that the decoded information DIS is identical to thespecific authorization data DS integrated into the receiver R. Uponpositive response to the test D, the authorization of the electricalapparatus EA is established in step E. On negative response to the testD, the nonauthorization of the electrical apparatus EA is instructed instep F.

[0034] Various indications relating to the authorization informationcoded as a function of an authorization monitoring code, thisauthorization monitoring code making it possible to define a monitoringor surveillance perimeter or zone for example, will now be given inconjunction with FIG. 2a.

[0035] The concept of monitoring zone, or as the case may be of anauthorization monitoring perimeter, should be understood as a zone whichis not delimited hardware-wise but is defined at least by a set ofmonitoring codes which is assigned to a given electrical apparatus, thiselectrical apparatus being reputedly in the authorization monitoringzone allotted thereto if and only if this electrical apparatus, when thelatter is connected to the communicating network, is capable ofreceiving only the monitoring codes corresponding to the set ofmonitoring codes which are assigned to it.

[0036] Thus, for a given electrical apparatus EA, FIG. 2a shows thatthere is a zone Z₁ for an electrical apparatus EA₁, a zone Z₂ for anelectrical apparatus EA₂ to which the authorization monitoring codesCGL_(n+1) to CGL_(n+p) have been assigned, and finally a zone Z₃ for anelectrical apparatus EA₃ to which the authorization monitoring codesCGL_(n+p+1) to CGL_(n+M) have been assigned.

[0037] It is understood in particular that as a function of thegeographical location, of the nature of the network and of eachspecialized transmitter capable of transmitting the authorizationmonitoring codes assigned to each aforesaid electrical apparatus EA₁ toEA₃, the set of monitoring codes assigned to each apparatus thuscorresponds to a geographical location or surveillance zone.

[0038] In a general manner, it is indicated that step A of sending thecoded message MI can be repeated periodically so as to ensure continuoussurveillance of each electrical apparatus concerned.

[0039] The interruption of the periodic transmission of the codedmessages MI can then advantageously be followed by an operation oflockup of the relevant electrical apparatus, as will be described ingreater detail subsequently in the description, so as to avoid anyattempted theft for example.

[0040] Thus, with reference to FIG. 2b, it is indicated that theauthorization monitoring code CGL_(i) can comprise at least one fieldcontaining a numerical value representative of a geographical location,under the conditions previously mentioned in conjunction with FIG. 2a,to which location the corresponding electrical apparatus EA belongs.

[0041] Furthermore, with reference to the same FIG. 2b, it is indicatedthat the authorization monitoring code can comprise at least one field,denoted CPH, containing a numerical value representative of a conditionundersigned by the user, as will be described subsequently in thedescription.

[0042] A more detailed description of the method for monitoringauthorization of an electrical apparatus connected to a network, inaccordance with the subject of the present invention, will now be givenin conjunction with FIG. 3a in a specific implementation making itpossible to confer a high degree of security on the set of electricalapparatuses subjected to this method.

[0043] With this aim, it is indicated that each coded message MI issigned electronically, each signed message comprising a signedauthentication data field making it possible, on verification ofsignature by the receiver R of the electrical apparatus EA, to decidewhether this verified and decoded information satisfies the specificauthorization data integrated into the receiver R.

[0044] With reference to the aforesaid FIG. 3a, it is indicated that thespecialized transmitter ES possesses a secret which makes it possible toauthenticate the coded messages MI which it transmits and thus avoidsthe construction and the operation of a pirate specialized transmitter,by emulation on a portable computer for example.

[0045] The mode of procedure which will be described hereinbelow inrelation to FIG. 3a advantageously pertains to a specialized transmitterES ensuring periodic broadcasting of coded messages MI constitutingauthentication messages on which the receivers R can react depending onthe nature of the services which are to be executed.

[0046] The mode of procedure in the case of FIG. 3a corresponds to amonodirectional mode of operation for example.

[0047] In a general manner, the assembly is subjected to the monitoringof a certifying authority AC furnished with a private key K_(ACPR) andwith a public key K_(ACPU). Each specialized transmitter ES is furnishedwith the following information:

[0048] information specific to the specialized transmitter ES byconstruction;

[0049] unique identification number delivered by the constructor of thespecialized transmitter ES, this number being represented in FIG. 3a bythe reference INES;

[0050] time stamping value, denoted HO, corresponding to the date andtime delivered by a clock circuit of the specialized transmitter ES. Thetime stamping values HO can be coded in the form YY, MM, DD, HH, min,SS, CC, where YY denotes the year, MM denotes the month, DD denotes theday, HH denotes the hour, min denotes the minutes, SS denotes theseconds and CC the hundredths of seconds.

[0051] Furthermore, each specialized transmitter ES is furnished with asignature calculation module making it possible to calculate the signedvalue of data of the coded message MI on the basis of a signature systemwith private key K_(ESPR), public key K_(ESPU) specific to eachspecialized transmitter ES. Thus, an operation of calculating signatureINES, HO and as the case may be auxiliary data DA₁ can be carried outadvantageously at the level of each specialized transmitter ES, thissigned value calculation operation being denoted:

S _(ES) =S _(KESPR)(_(HO,INES,DA1))

[0052] and represented for this reason by a closed-loop arrow, thesigned value calculation operation being performed at the level of thesingle specialized transmitter ES. The auxiliary data DA₁ can consist ofspecific data, which will be made explicit subsequently in thedescription.

[0053] As far as the parameters for calculating the signature areconcerned, this signature value can be calculated from the private keyK_(ESPR), the public key K_(ESPU) being able to serve to verify thesigned value, as will be described subsequently in the description. Thefields subjected to signature thus comprise the identification numberINES of the specialized transmitter, the time stamping value HO and asthe case may be the auxiliary data DA₁.

[0054] It is thus understood that the signed value (2) obtainedconstitutes an electronic signature of the aforesaid plaintextinformation (1). Furthermore, each specialized transmitter ES isfurnished with a plurality of authorization data such as the public keyof the specialized transmitter, K_(ESPU), the name of the certifyingauthority NAC, the date of validity DV of the public key, the public keyK_(ACPU) of the certifying authority and auxiliary data DA₂,constituting the data field X.

[0055] Finally, these authorization data comprise a signature S_(AC) ofthe aforesaid data. The signature S_(AC) is calculated by the certifyingauthority AC and installed in the memory of each specialized transmitterES with the data field X. The signature S_(AC) satisfies the relation:

S _(AC) =S _(KACPR)(X)

[0056] where S_(KACPR) denotes the operation of signature on the basisof the private key K_(ACPR) of the certifying authority.

[0057] Other parameters may be integrated into the calculation of thesignature value S_(AC), such as for example a parameter indicating theversion of the specialized transmitter ES and the length of the messagestransmitted for example, in the guise of the auxiliary data DA₂.

[0058] The calculation of the signed value S_(ES) represented in FIG. 3aat the level of the specialized transmitter ES is then performedadvantageously before each transmission of coded periodic message MI.

[0059] Thus, with reference to the aforesaid figure, this message issent and comprises at least the time stamping information HO and theinformation regarding the identification number INES of the specializedtransmitter ES sent as plaintext, as well as the time stampinginformation HO and the information regarding the identification numberINES subjected to the signature operation, as well as the set of data Xand S_(AC) constituting a certificate Cert containing the followingplaintext information:

[0060] the public key K_(ESPU) of the specialized transmitter ES,

[0061] the name NAC of the certifying authority,

[0062] the date DV given in the form previously indicated in thedescription,

[0063] as well as the public key K_(ACPU) of the certifying authority,

[0064] auxiliary data DA₂, as the case may be.

[0065] Furthermore, a field relating to an item of information regardingthe version of the specialized transmitter ES and the length of themessages transmitted may be provided, these data constituting forexample the aforesaid auxiliary data. In the latter case, free bytes arefurthermore added so that the message is the length announced in theversion info field.

[0066] On receipt of the coded message MI, the receiver R can proceed,as represented in FIG. 3a, to a first operation of signatureverification, denoted θ_(KACPU), by means of the public key K_(ACPU) ofthe aforesaid certifying authority. In a variant embodiment, it isindicated that the receiver can send the coded message MI to a remoteserver adapted for performing the aforesaid signature verificationoperation. In FIG. 3a, the signature verification operation when it isperformed at the level of the receiver R is denoted:

θ_(KACPU)(S _(AC))

[0067] and represented by a first closed-loop arrow (I), this operationbeing carried out at the level of the receiver R. In normal mode, thevalue of the public key K_(ACPU) used in the operation I has beenconfigured previously in the receiver R, according to a preferentialmode; however, in simplified mode, it will be possible to use the valueof the public key K_(ACPU) contained in the message MI. By virtue of theaforesaid signature verification operation I, the receiver R can thenproceed, on the one hand, to a verification of the authenticity of thedata of the data field X, including in particular the public keyK_(ESPU) of the specialized transmitter ES issuing the coded message MI,for the true value of the aforesaid signature verification, as the casemay be to a verification of the value of the public key K_(ACPU), whenthe receiver R is furnished, beforehand, with this value, then, on theother hand, on the basis of the value of the public key K_(ESPU) of thespecialized transmitter ES, the value and authenticity of which havebeen verified, to a second operation II of signature verification of thesigned value HO, INES, DA₁, this operation being denoted:

θ_(KESPU)(S _(KESPR(HO,INES,DA1)))=θ_(KESPU)(S _(ES)).

[0068] This second verification operation II is represented by a secondclosed loop II at the level of the receiver R.

[0069] This process makes it possible to establish that the timestamping information plus identification number of the specializedtransmitter INES are valid and have indeed been subjected to signatureby means of the private key K_(ESPR) associated with the public keyK_(ESPU) of the specialized transmitter, included in the certificateCert.

[0070] The mode of procedure of the previously described method which isa subject of the present invention does not depend in any way on themanner in which the pairs consisting of public key, private key of thecertifying authority AC or of each specialized transmitter ES have beenconstructed. By way of nonlimiting example, the signature algorithm canbe the RSA algorithm known as such and applied either directly to thedata to be signed, or to a digest of these data which is calculated byapplying a hash function to these data. By way of nonlimiting example,the algorithm used in the hash function may be the MD5 algorithm, knownas such. The pair of keys K_(ESPR), K_(ESPU) may be common to severalreceiver transmitters ES. However, when the private key K_(ESPR) iscompromised, the level of security of all the receiver transmittersconcerned is then jeopardized. It is therefore preferable for each ofthe receiver transmitters ES to be furnished with a pair of keys so asto limit the risk of compromise.

[0071] As far as the implementation of the specialized transmitter ES isconcerned, it is indicated that the certificate part Cert delivered bythe transmitter thus defines the quality of the authentication affordedby the relevant specialized transmitter.

[0072] This certificate can be included on construction, the certifyingauthority AC being either independent, or the constructor himself.

[0073] The certificate Cert can moreover be included in each specializedtransmitter ES by the operator for setting up this specializedtransmitter.

[0074] A more detailed description of a specific implementation of themethod which is a subject of the present invention as illustrated inFIG. 3a will now be given in conjunction with FIG. 3b in a moreparticular case in which the specialized transmitter ES is associatedwith a metering device, such as an electricity meter for example.

[0075] Under these conditions, and in accordance with an especiallynoteworthy aspect of the method which is a subject of the presentinvention, the meter CO delivers to the specialized transmitter ES aunique identification number, denoted NCO, delivered by the constructorof the meter, as well as an index ICO representative of the consumptionrecorded by the meter.

[0076] Under these conditions, the coded message MI is made up of thesame elements as those described in conjunction with FIG. 3a but towhich are added, on the one hand, the meter number and, on the otherhand, the meter index, that is to say the information representative ofthe consumption effected by the subscriber, as the case may be by theelectrical apparatus EA. The meter number NCO and index ICO informationis introduced both at the level of the plaintext part of the message andof the signed part thereof, in the guise of the auxiliary data DA₁ forexample.

[0077] After receipt of the coded message MI by the receiver R, thesignature verification operations I and II are carried out in the sameway as in the case of FIG. 3a.

[0078] However, and according to an especially advantageous aspect ofthis embodiment, the receiver R, after the aforesaid signatureverification operations, makes it possible to ensure that the meternumber and index information is valid and has indeed been enciphered bythe private key K_(ESPR) corresponding to the public key K_(ESPU) of thespecialized transmitter ES, included in the certificate Cert.

[0079] The authentication of location is then complete when the relationis effected between the meter number NCO and the location of this meteron the distribution network where as the case may be the identity of thesubscriber customer.

[0080] It is indicated in particular that the presence of the timestamping values HO, as the case may be of the metering index ICO, thesebeing monotonic increasing time-dependent values, in the message MI andin the signature S_(ES) makes it possible to avoid the fraudulent replayof a message MI with a view to simulating the presence of a specializedtransmitter ES.

[0081] Finally, and in a variant execution of implementation of FIG. 3b,it is indicated that each coded information message MI can also compriseat least one data field representative of a duration of authorization ofuse of the electrical apparatus. In the aforesaid FIG. 3b, this durationof authorization is denoted FA. It may preferably correspond to a startdate and an end date of subscription which are stored in the electricalcircuits of the meter CO for the electrical apparatus EA or, as the casemay be, for a group of electrical apparatuses which is managed by themeter CO. In such a case, the duration of authorization of theelectrical apparatus, that is to say the field FA, is advantageouslyintegrated into the coded information message MI, both in the plaintextpart and in the signed part thereof. The duration of authorization mayalso be limited to the time interval separating the transmission of anew authentication message, from an earlier authentication message.

[0082] A more detailed description of various alternative embodiments ofthe method which is a subject of the present invention will now be givenin conjunction with FIGS. 4a and 4 b.

[0083] In a general manner, it is recalled that the method which is asubject of the present invention can be implemented either in amonodirectional manner by the sending of coded information messages MIDfrom the specialized transmitter ES to the receiver R of the relevantelectrical apparatus EA, or on the contrary in a bidirectional manner,an exchange between a relevant specialized transmitter ES, fitted with areceiver RES, and the electrical apparatus EA then fitted with alocalized transmitter, denoted EL, then being instituted.

[0084] Represented in an illustrative manner in FIG. 4a is the exchangeof information messages between the specialized transmitter ES and theelectrical apparatus EA, the information messages of different naturebeing a priori sent asynchronously according to a monodirectionalexchange or, as the case may be, upon a protocol for bidirectionalexchange of information messages between the specialized transmitter ESand the electrical apparatus EA, that is to say, on the one hand, thereceiver R and, on the other hand, the corresponding localizedtransmitter EL, on prompting by the specialized transmitter ES under theconditions which will be made explicit hereinbelow.

[0085] It is understood in particular that the aforesaid bidirectionalexchange, when the latter is carried out on prompting by the specializedtransmitter ES, in fact makes it possible to monitor the protocol forexchanging information messages between the aforesaid specializedtransmitter and each electrical apparatus EA on the basis of the soleaforesaid specialized transmitter.

[0086] In a more particular manner, it is indicated that the exchange ofmessages of diversified functions may exhibit either a monodirectionalcharacter, or on the contrary a bidirectional character when thefunction carried out at the level of the electrical apparatus EA sorequires, as is illustrated in FIG. 4a. For this reason, and in theaforesaid figure, it is indicated that the various messages, exhibitingand making it possible to carry out miscellaneous functionalities and inparticular the exchanging of these messages between the receivertransmitter ES and the electrical apparatus EA so as to carry out eachdiversified function, are separated by dashed lines.

[0087] With reference to the aforesaid figure, it is indicated that themethod for monitoring an electrical apparatus EA in accordance with thesubject of the present invention can consist in sending, from thespecialized transmitter ES to the receiver R of this electricalapparatus, an initialization message, denoted MID, comprising at leastthe specific integrated authorization data mentioned previously in thedescription. It is indicated that this sending can be of monodirectionaltype, so as not to overload the network with acknowledgement of receiptmessages. The sending of the initialization message MID is representedat the point (1) of FIG. 4a. In a manner known as such, following thereceipt of the specific integrated authorization data by the receiver Rof the electrical apparatus EA and following verification of these databy this apparatus, a positive response to this verification, thereceiver R having been installed beforehand in standby mode, makes itpossible to activate all the functions of the receiver R, and as thecase may be of the localized transmitter EL with which the electricalapparatus EA is equipped, so as to ensure various functions which willbe made explicit in conjunction with points (2) to (5) of the same FIG.4a.

[0088] Furthermore, as represented at the point (2) of the aforesaidfigure, the method which is a subject of the present invention cancomprise a step consisting in sending on request from the receiver R,from the specialized transmitter ES to this receiver R, a message MLCHfor removal of monitoring of authorization of the electrical apparatusEA, the receiver R and the electrical apparatus EA, on receipt of theauthorization monitoring removal message, then being reset tounrestricted operation.

[0089] In the embodiment represented in FIG. 4a at the point (2)thereof, the localized transmitter EL of the electrical apparatus EAdelivers, to the receiver RES of the specialized transmitter, anauthorization removal request message, MRLH, following prompting by thespecialized transmitter ES, which has previously addressed a removalinformation message, denoted MLI, to the receiver R of the electricalapparatus EA. This removal information message has itself been sent bythe specialized transmitter ES by way of a request transmitted by athird party, request denoted RET. This third party is of course atrusted third party or an authorized management body, as will bedescribed subsequently in the description. It is understood inparticular that the request message RET may be conveyed by a networkdistinct from the communicating network, to which the specializedtransmitter ES and the electrical apparatus EA as well as the receiver Rand the localized transmitter EL with which the latter is equipped areconnected. It is indicated however that the request RET may be madesecure by a process for authenticating the trusted third party, by aconventional authentication process, which, for this reason, will not bedescribed in the description. A simplified process can consist insubjecting the request RET to a code for access to the relevantspecialized transmitter ES. This security process makes it possible toavoid any usurping of the identity of the trusted third party.

[0090] Following the receipt of the authorization monitoring removalmessage MLCH by the receiver R of the electrical apparatus EA, aprocedure for resetting the electrical apparatus EA into unrestrictedoperation is run internally, as represented in FIG. 4a at the point (2)thereof.

[0091] Furthermore, the method which is a subject of the presentinvention can consist, as illustrated at the point (3) of FIG. 4a insending to the receiver R of the electrical apparatus EA, from thespecialized transmitter ES and on request from a third party element,trusted third party defined for the monitoring perimeter and ensuringsurveillance of this monitoring perimeter, a message of on-siteblocking, denoted MVER, of the electrical apparatus EA. The receipt ofthe message for blocking MVER on the site of the electrical apparatus EAthen makes it possible internally to proceed with the disabling of anyvital function of the aforesaid electrical apparatus. It is understoodin particular that the on-site blocking process can advantageously beimplemented by the proprietor of the electrical apparatus or apparatusesEA, who, upon an absence from his home for a prolonged duration, canthen declare his absence to the trusted third party, the latterensuring, by way of his request RET then by the transmission of theblocking message MVER by way of the specialized transmitter ES, thedisabling of any vital function of the electrical apparatus or of theelectrical apparatuses EA concerned for the duration of this absence.

[0092] Furthermore, as represented at the point (4) of FIG. 4a, themethod which is a subject of the present invention can consist inperiodically sending, from the specialized transmitter ES to thereceiver R of the electrical apparatus EA, a message for authenticationMA of the relevant specialized transmitter.

[0093] With reference to the point (1) of the aforesaid figure, it isindicated that the authentication messages MA may comprise, in the samemanner as the initialization messages MID, at least the specificauthorization data integrated in these same authorization data, theprocedure for activating the monitoring of authorization at the level ofthe receiver R of the electrical apparatus EA not being run however atthe level of this electrical apparatus and of this receiver upon thereceipt of an authentication message. Specifically, the authenticationmessages MA such as described at the point (4) of the aforesaid figuremay be sent with a determined periodicity or on simple request from thetrusted third party ensuring the management of the method which is asubject of the invention. In particular, the authentication messages MAmay be modified periodically or randomly, the specific integratedauthorization data being thereby modified as a consequence, so as toensure immunity to fraud for example.

[0094] Finally, the method which is a subject of the present inventioncan consist, as represented in step (5) of FIG. 4a, in sending from theelectrical apparatus EA, that is to say from the localized transmitterEL with which the latter is equipped, to the receiver RES of thespecialized transmitter ES, an allegiance message MAL comprising anidentification code of the electrical apparatus EA.

[0095] Preferably, as represented in the aforesaid FIG. 4a, theallegiance message MAL is transmitted by the electrical apparatus EA onreceipt of an allegiance request message MRAL sent from the specializedtransmitter ES to the electrical apparatus EA, the allegiance messageMAL thus being transmitted in response to the receipt of the allegiancerequest message MRAL.

[0096] Following the receipt of the allegiance message MAL by thereceiver RES of the specialized transmitter ES, the latter proceeds to averification of the aforesaid allegiance message. The verificationprocedure, conducted internally at the level of the specializedtransmitter ES, consists essentially in verifying the value of theidentification code of the electrical apparatus EA sent within theallegiance message MAL.

[0097] On positive response to the verification procedure, denotedθ(MAL), the method which is a subject of the invention can then consistin sending, from the specialized transmitter to the receiver R of theelectrical apparatus EA, in the absence of verification, this absence ofverification being denoted θ(MAL)=0, a message instructing lockup of thereceiver and of the electrical apparatus EA, the lockup operation beingof course performed internally at the level of the aforesaid electricalapparatus.

[0098] It is understood in particular that the procedure of sending anallegiance message and of response in the absence of verification ofthis allegiance message is especially advantageous insofar as theconcept of allegiance covers not only the proper operation of theelectrical apparatus EA with regard to the specialized transmitter ESbut also the monitoring of any electrical apparatus EA stolen from itslegitimate owner or proprietor, and hence authorized to operate in amonitoring zone Z₁, and transported to a monitoring zone Z₂ for whichthe authorization monitoring parameters are different, as mentionedpreviously in the description. Under this last hypothesis, it isindicated that the total lockup of the electrical apparatus EA, thistotal lockup possibly consisting of an irreversible disabling of anyvital function of the electrical apparatus EA, turns out to be aparticularly good deterrent in regard to attempted theft by reason ofthe impossibility of use of any electrical apparatus EA thus stolen butsubjected to the authorization monitoring protocol, which is a subjectof the present invention.

[0099] Thus, the procedure for sending an allegiance message followingreceipt of an allegiance request message MRAL, as represented at thepoint (5) of FIG. 4a, can advantageously be systematically launchedafter each dispatch by the specialized transmitter ES of theinitialization message MID, as represented at the point (1) of theaforesaid figure, the procedure for sending an allegiance message inthis situation making it possible to ensure verification of the properoperation of the electrical apparatus EA subjected to the authorizationmonitoring after activation of the latter.

[0100] Furthermore, and in accordance with a noteworthy aspect of themethod which is a subject of the present invention, it is indicated thatthe same procedure for sending an allegiance message MAL canadvantageously be implemented after each sending of an authenticationmessage MA as illustrated at the point (4) of FIG. 4a. In such asituation, the success of the sending of the allegiance message and ofthe verification of the latter makes it possible to verify that theelectrical apparatus EA matches up with the new authentication datadelivered previously by the authentication message MA to the electricalapparatus concerned.

[0101] While the procedures for sending messages requesting removal ofmonitoring of authorization and of sending of a blocking message, suchas described and illustrated at point (2) respectively (3) of theaforesaid figure, are preferably implemented on receipt of a third partyrequest message RET, trusted third party, the procedure for sending anallegiance message MAL may preferably be implemented on the soleinitiative of the specialized transmitter ES, the latter enjoying theinitiative for monitoring the allegiance of each electrical apparatus EAwhose authorization monitoring it ensures. Under these conditions, apartfrom the transmission of an allegiance request message MRAL by thespecialized transmitter ES following the sending of an initializationmessage MID or of an authentication message MA, it is advantageous toprogram the specialized transmitter ES in such a way as to send anallegiance request message and thus to run the procedure for sendingallegiance messages by each relevant electrical apparatus EAperiodically, so as to ensure exhaustive monitoring.

[0102] A more detailed description of a nonlimiting specific mode ofimplementation of the method which is a subject of the present inventionwhen the network, to which are connected, on the one hand, thespecialized transmitter ES, and on the other hand, an electricalapparatus EA equipped with a receiver R and with a localized transmitterEL, consists of the low-voltage electrical energy distribution network,LT network, will now be given in conjunction with FIG. 4b.

[0103] Represented in the aforesaid figure is a high-voltage/low-voltagetransformation substation, HT/LT substation, fitted with a concentratorallowing the sending of messages by carrier currents. The low-voltageelectrical energy distribution network can be subdivided into main LTnetwork and secondary LT networks, several secondary LT networkspossibly being provided, these secondary networks not beinginterconnected to the HT/LT substation of the main LT network. The HT/LTsubstation can itself be interconnected by the switched public telephonenetwork SPTN to a management center kept by a trusted third party. Onthe main LT network and on each secondary LT network, denoted secondaryI, secondary II, secondary III, each subscriber connected to thecorresponding LT network is furnished with an electrical energy meterand of course with a communicating client interface circuit, denotedcircuit ICC, connected between one of the phase conductors and theneutral of the network so as to allow the sending and receiving ofmessages by carrier currents. Thus, in FIG. 4b, each assembly consistingof a meter and an ICC circuit is represented by an empty circle placedon the relevant LT network. Furthermore, as represented in FIG. 4b, eachbranch of the LT network, main network or secondary network, can befitted with at least one device for interfacing a low-voltage carriercurrents/radio frequency bidirectional link, each device thus ensuringthe bidirectional sending of messages by carrier currents by way ofHertzian space. Under these conditions, the implementation oflow-voltage carrier currents/radio frequency bidirectional linkinterfacing devices makes it possible to ensure the bidirectionalsending of the aforesaid messages under especially advantageousconditions, regardless of the number of ICC circuits connected to eachbranch of the network. Under these conditions, the communicationmessages between the concentrator of the HT/LT substation and each ICCcircuit, and ultimately each subscriber, are sent with near-totaltransparency with regard to the information conveyed by the carriercurrents. Consequently, these messages are sent by a real-time resendingof any information frame conveyed by the carrier currents flowing aroundthe LT network. The aforesaid sending of the information messages orframes or of data is then performed according to a process of repetitionby ripples with allocation of transmission credit. The bidirectionalcharacter of transmission is then ensured. For a more detaileddescription of the mode of procedure of the bidirectional transmissionof messages between an HT/LT substation concentrator and an interfacingdevice of a low-voltage carrier currents/radio frequency bidirectionallink, reference may usefully be made to the PCT patent application WO98/17013 entitled “Dispositif d'interfacage d'une liaisonbidirectionnelle courants porteurs basse tension/radiofréquence” [Devicefor interfacing a low-voltage carrier currents/radio frequencybidirectional link] published in the name of Electricité de France onApr. 23, 1998.

[0104] Under these conditions, the bidirectional exchange of messagesbetween the specialized transmitter ES and any electrical apparatus EAfitted with a receiver R and with a localized transmitter EL can beperformed in a satisfactory manner by way of the aforesaid interfacingdevices, denoted ICC-R, and represented in the drawing of FIG. 4b by wayof a circle comprising a cross adjoined to the branches of the LTnetwork.

[0105] It is understood in particular that the system as a wholedescribed in FIG. 4b allows the routing of the messages describedpreviously in conjunction with FIG. 4a. Of course, when the specializedtransmitter ES is placed at the level of the concentrator of the HT/LTsubstation, the management of a set of domestic electrical installationscomprising a plurality of electrical apparatuses EA at the level of eachsubscriber can be ensured by one and the same specialized transmitterES. Under these conditions, the specialized transmitter ES is linkeddirectly, on the one hand, to the switched public telephone network SPTNand, on the other hand, to the LT network by way of an interfacingdevice of a low-voltage carrier currents/radio frequency bidirectionallink, such as described previously in the description.

[0106] A more detailed description of specific applications of themethod which is a subject of the present invention to various serviceprovisions will now be given in conjunction with FIGS. 5a and 5 b.

[0107]FIG. 5a relates to a first exemplary implementation of aspecialized transmitter ES and of the method which are the subject ofthe present invention when the electrical apparatus EA fitted with areceiver equips an electrical apparatus of a provision debtor. In theexample given in relation to the aforesaid figure, the electricalapparatus EA consists of a microcomputer and the provision debtor useris required to effect home teleworking provisions for example, inrespect of a creditor situated at a remote site and possiblyconstituting a monitoring authority. The constituent microcomputer ofthe electrical apparatus EA subjected to the protocol which is a subjectof the present invention can then be linked to the remote site of themonitoring authority by way of an ATM network or the INTERNET networkfor example.

[0108] In particular, the specialized transmitter ES, in thisapplication, can periodically transmit an authentication message MA tothe receiver R, this authentication message possibly allowing theprovision debtor service provider to prove to the remote site, that isto say to the creditor of the provision, that access actually takesplace from the normal place of work agreed by the monitoring authority.

[0109] The mode of procedure of the assembly is described hereinbelow.

[0110] Like any piece of equipment, that is to say any electricalapparatus EA connected to the electrical energy distribution network,the microcomputer constituting the workstation of the provision debtorreceives the periodic messages delivered by the specialized transmitterES.

[0111] As soon as the microcomputer constituting the workstationconnects to the remote site, and after an identification process, themicrocomputer is able to send to the remote site all or some of thecontent of a message received from the specialized transmitter ES.

[0112] Such a process allows the implementation of the operationshereinbelow:

[0113] verification of the authentication of the specialized transmitterES by the remote site:

[0114] The remote site must normally possess the public key K_(ACPU) ofthe certifying authority used by the specialized transmitter ES.Consequently, by a method analogous to that carried out by the receiverR of an electrical apparatus EA, on receipt of a message MI as describedpreviously, the remote site is able to authenticate the message sent bythe microcomputer of the provision debtor as originating from thespecialized transmitter ES, as the case may be from the meter identifiedin the message when the specialized transmitter ES is associated with ameter. The remote site can moreover verify the association of theidentity of the user, that is to say of the provision debtor, and of thespecialized transmitter ES or of the electrical energy meter associatedwith the latter.

[0115] In the case where the remote site does not possess the public keyK_(ACPU) of the certifying authority, and in the case where the remotesite accepts the risk, it can then use that key contained in the messageor the message part delivered by the specialized transmitter ES andresent by the microcomputer of the provision debtor. This public keyK_(ACPU) of the certifying authority can thus be stored and thensubjected to verification and/or reuse subsequently at the level of theremote site. The risk in the acceptance of the public key K_(ACPU)contained in the message delivered by the specialized transmitter ESresides in the fact that a message manufactured by a false certifyingauthority may be accepted as valid. This risk must be borne by thesecurity policy of the remote site accessed, which must rule on the fateto be reserved for this mode of procedure, that is to say choose eitherrejection, or acceptance with alarm or else acceptance with request ofconfirmation for example.

[0116] Sending of the message coming from the specialized transmitterES:

[0117] The procedure for authenticating the identity of the provisiondebtor at the remote site can explicitly envisage the dispatching of themessage originating from the specialized transmitter ES instead of or asa supplement to conventional authentication.

[0118] This mode of procedure leads in principle to the modifying of theauthentication protocols existing in the state of the art. However, inorder to route the authentication message transmitted by the specializedtransmitter ES within an existing protocol, it is possible to envisageadjoining this message to another protocol message transmitted from theworkstation of the provision debtor to the remote site. In particular,in a mode of authentication by password, it is possible to send eitherthis authentication message delivered by the specialized transmitter inplace of the password, or this authentication message affixed to thispassword or else a combination according to a preestablished conventionof both of the passwords and of the message delivered by the specializedtransmitter ES.

[0119] A second application of the method which is a subject of thepresent invention will now be described in conjunction with FIG. 5b.

[0120] This application can be implemented when using a specializedtransmitter ES in the new modes of sale of electrical energy for exampleor of any other fluid supplied through a fixed network by way of ameter.

[0121] As represented in FIG. 5b, the subscriber to the service fordistribution and sale of energy, electrical energy for example, isfurnished with electrical apparatuses EA with which at least onereceiver is associated. The electrical apparatus EA is interconnected tothe low-voltage electrical energy distribution network by way of abranch-line and of a meter making it possible to deliver electricalenergy to each electrical apparatus EA in the user's domesticinstallation. The user is in this case the provision creditor.

[0122] In a conventional manner, the supplying of fluids through adistribution network is metered at the point of delivery by virtue ofthe aforesaid meter. The bill to the subscriber, that is to say to theprovision creditor, is invoiced as a function of the consumption at themeter and of the tariff associated with his contract of supply. Withinthe framework of a free market economy, the provision of distributionservices, ensured by the manager of the network, and of supply services,ensured by the producer or the packager of the fluid, are separate. Thesame point of delivery may be the place of supply originating fromdifferent suppliers. By way of nonlimiting example, the provision ofservice carried out by various telecommunication operators from one andthe same telephone line is indicated. Under these conditions, distinctsupplies are apparent according to the uses. Such a situation occurswhen marketing electrical apparatuses associated with an electricalenergy supply contract. The electrical energy supply is then billed onthe basis of specialized metering or of a flat rate. Authentication ofthe location of the supply with respect to a given point of delivery isthen necessary.

[0123] With this aim, and as represented in FIG. 5b, the specializedtransmitter ES makes it possible to ensure this authentication bybroadcasting the locating message to each supplier's own meters andequipment.

[0124] The relevant supplier can then define his tariff conditionsapplicable as a function of the location and of contracts taken outindividually with the creditor of the provisions. The balance betweenenergy delivered at the point of delivery and energy supplied to thecustomer can then be established with certainty. Under these conditions,the mode of communication of the specialized transmitter ES with eachelectrical apparatus EA is comparable to that described within theframework of FIG. 5a, although the provision creditor is now the userand the provision debtor is the remote site providing the serviceorganized for the distribution of electrical energy or the like. Underthese conditions a link by ATM or INTERNET network for example can beeffected between the site of the provision creditor and the remote siteof the service provider.

[0125] Furthermore, FIG. 5b corresponds also to a similar situation inwhich a teleservice is executed from a remote provision debtor site, theprovision creditor being any user of an electrical apparatus EA fittedwith a receiver connected for example to the electrical energydistribution network.

[0126] In a general manner, the teleservice in such a situation is anaction conducted remotely by the service provider on the customer'sinstallation in the absence, usually, of any intervention by thiscustomer.

[0127] To execute the aforesaid service, the provider must howeverensure that an intervention at the customer's correct address isinvolved. To bill his service, the provider must establish that he hasindeed intervened remotely on the customer's installation and he must ofcourse give proof of the duration of the intervention and of the date ofthe latter. In both cases, the provider must impose a certain degree ofguarantee on the actual location of the installation on which heintervenes and on the reality of the intervention.

[0128] In such a situation, while the provision can be effected by theservice provider by way of the INTERNET or ATM network for anintervention on a computer for example, as soon as the interventionbegins, the computer which is the subject of the intervention, that isto say the electrical apparatus EA constituted by this computer,dispatches to the service provider on the remote site the authenticationmessage transmitted by the specialized transmitter ES installed in thevicinity of the latter, that is to say in the vicinity of the meter whenthe electrical installation is concerned. The service provider can thusverify the authenticity of the message received and provide proof inparticular of the duration of intervention, of the date, for example.The mode of communication of the specialized transmitter ES is thencomparable to that described within the framework of FIG. 5a.

[0129] A more detailed description of a specialized transmitter,respectively of a receiver associated with an electrical apparatusconnected to a network in accordance with the subject of the presentinvention, this specialized transmitter device and this receiver devicedescribed previously in the description of course allowing theimplementation of the method which is a subject of the invention, willnow be given in conjunction with FIGS. 6a, 6 b and 7 a, 7 b.

[0130] In a general manner, it is indicated that in the simplest versionallowing the implementation of a monodirectional communication, betweenthe aforesaid specialized transmitter and a receiver associated with anelectrical apparatus connected to a given network, the specializedtransmitter, as represented in FIG. 6a, can be constructed in the formof a piece of monoblock equipment of small size, not exceeding that of acube of side 20 cm approximately.

[0131] Under these conditions, as represented in FIG. 6a, thespecialized transmitter ES can comprise, in addition to an externalelectrical energy supply, denoted AL₁, an electronic card 1 comprising acalculation unit, or microprocessor, denoted μP and bearing thereference 1 ₀, as well as, for the implementation of the signature andcertificate calculations, either of a coprocessor bearing the reference1 ₁, or of a read only memory of ROM type connected to the aforesaidmicroprocessor 1 ₀. The processor 1 ₀ and the coprocessor or the readonly memory 1 ₁ are linked by way of an internal BUS 1 ₂ to a workmemory denoted 1 ₃. The work memory can consist of a RAM memory in whichthe signature calculation and verification programs can be loaded fromthe ROM memory 1 ₁ for the implementation of the signature calculationand verification operations for example.

[0132] Furthermore, the specialized transmitter ES comprises aunidirectional communication unit bearing the reference 1 ₄ a and atransmitter module proper, bearing the reference 1 ₅ a, this transmittermodule, as a function of the application carried out and of the type ofcommunicating network used, being able to consist of a Hertziantransmitter, or on the contrary of a transmitter by carrier current onthe low-voltage electrical energy distribution network for example. Theunidirectional communication unit 1 ₄ a is interconnected to theinternal BUS 1 ₂ as well as to the transmitter module 1 ₅ a. Thistransmitter module is itself linked to an antenna when the transmitteris a Hertzian transmitter or respectively to the electrical network by aconnection module 1 ₆ when the transmitter is a carrier current basedtransmitter.

[0133] It is of course understood that, on calling the programs,intended for the electrical apparatus, for calculating the signature andthe coded values for constructing the coded authorization informationitem, these programs being stored in the ROM type memory 1 ₁, thesignature calculation and verification operations can be performed fromthe work memory 1 ₃ and from the calculation unit, the microprocessor 1₀. The coded values making up the coded authorization information itemare then sent to the unidirectional communication unit 1 ₄ a so as toconstruct coded information messages, that is to say messages comprisingthe aforesaid coded authorization information item. The transmission ofthese messages is then carried out by the transmission module 1 ₅ a,either in Hertzian form, or in carrier current form by way of theantenna or of the module for connection to the low-voltage network 1 ₆.

[0134] Preferably, and in a specific embodiment represented in FIG. 6a,the specialized transmitter ES furthermore comprises an externalcomputer socket, denoted 1 ₇, allowing the interconnection of thespecialized transmitter device with an external device for meteringfluid or energy, denoted CO. The external computer socket can beembodied, by way of nonlimiting example, by an RS232 serial link forexample. Furthermore, a linking module 1 ₈ constituting a unit forcommunication with the meter CO is provided between the externalcomputer socket 1 ₇ and the calculation module consisting of themicroprocessor 1 ₀, the signature calculation coprocessor 1 ₁ or thecorresponding ROM memory, and the random access memory 1 ₃. This link isensured by the internal BUS 1 ₂. Thus, the aforesaid calculation moduleand in particular the microprocessor 1 ₀ receives from the fluid orenergy meter CO a metering information item making it possible to codethe authorization monitoring code so as to constitute the informationmessages sent.

[0135] Represented in FIG. 6b is a specialized transmitter allowing abidirectional link with the electrical apparatus EA subjected to theauthorization monitoring when the receiver R associated with thiselectrical apparatus is itself equipped with a transmitter module.

[0136] In such a case, the specialized transmitter ES can then beembodied in the form of a dedicated card associated with a computer.

[0137] In FIG. 6b, the same references denote the same elements as inFIG. 6a. However, the communication unit bears the reference 1 ₄ b todenote a bidirectional communication unit allowing the selection of themode of procedure of the specialized transmitter either as transmitmode, or as receive mode. In the same manner, the transmission modulebears the reference 1 ₅ b, this transmission module being moreoverequipped with a Hertzian reception module or a carrier current basedreception module. Thus, as a function of the mode of procedure adopted,in particular for the exchanging of bidirectional messages, asrepresented previously in the description in FIG. 4a, the switch fromthe transmit mode to receive mode is carried out by way of themicroprocessor 1 ₀ and of a specific program.

[0138] In the case of FIG. 6b, the specialized transmitter can be fittedwith more specific elements customarily implemented for the equipping ofmicrocomputers such as a display screen with graphics card, bearing thereference 3, a keyboard bearing the reference 4 and a modem bearing thereference 5, so as to ensure interconnection with the switched publictelephone network SPTN previously mentioned in the description.

[0139] In the embodiment represented in FIG. 6b, it is indicatedmoreover that the meter CO can be integrated directly into theconstituent dedicated card 1 of the specialized transmitter ES. In thiscase, with the meter CO consisting of a specific metering unit, isassociated a measurement sensor directly connected to the fluid orenergy distribution network such as the electrical network for example.The measurement sensor bears the reference 8.

[0140] Finally, another specific function can be implemented, thisfunction possibly consisting of an alarm system comprising an externalalarm, bearing the reference 7, linked to an acquisition and alarm linkcard, bearing the reference 6. The external alarm module 7 is linked tothe internal BUS 1 ₂ by way of the acquisition and alarm link card 6.

[0141] The architecture of a receiver R associated with an electricalapparatus in accordance with the subject of the present invention, willnow be described in conjunction with FIGS. 7a and 7 b.

[0142] The embodiment of FIG. 7a is a minimum embodiment more especiallyintended for electrical apparatuses which do or do not comprise afunction for intelligent management of the functions of the electricalapparatus by microprocessor. This receiver can then be implemented on aspecific electronic card powered by an external power supply AL₂ or, asthe case may be, by the power supply to the electrical apparatus forexample.

[0143] In FIG. 7a, the components consisting of the microprocessor 2 ₀,the coprocessor or the ROM read only memory 2 ₁, the internal BUS 2 ₂,the random access memory 2 ₃ are added to the dedicated electronic card,the processor 2 ₀, the internal BUS 2 ₂ and the memory 2 ₃ possiblyconsisting however of those of the electrical apparatus EA, when thelatter consists of a microcomputer for example in the application toteleworking, as described previously in the description.

[0144] The receiver represented in FIG. 7a furthermore comprises amodule for receiving the coded information messages essentiallycomprising a unidirectional communication unit 2 ₄ a, a Hertzian typereceiver or carrier current based receiver, bearing the reference 2 ₅ a,and an external antenna or a module for connection to the electricalnetwork in the case where the reception is ensured by carrier current,this antenna or this connection module bearing the reference 2 ₆. Theelements 2 ₆, 2 ₅ a and 2 ₄ a are connected in cascade, theunidirectional communication unit 2 ₄ a being itself interconnected tothe internal BUS 2 ₂.

[0145] As will be observed moreover in FIG. 7a, the receiver device Rcomprises a module for decoding and verifying the coded authorizationinformation item contained in each information message received. Thisdecoding and verification module advantageously consists of thecalculation microprocessor 2 ₀, of course the RAM type work memory 2 ₃as well as the coprocessor or the ROM memory bearing the reference 2 ₁ ain which are stored the signature calculation and verification programs,as was mentioned previously in the description.

[0146] Furthermore, a module for instructing authorization ornonauthorization of the electrical apparatus EA as a function of theverification of the coded authorization information is also provided.This module consists of the microprocessor 2 ₀, a ROM read only memorybearing the reference 2 ₁ b and of course the work memory 2 ₃. Thisinstruction module is supplemented with a computer socket bearing thereference 2 ₇ making it possible to dispatch instruction commands to theelectrical apparatus EA and in particular to vital functions thereof.The socket 2 ₇ can, for example, consist of a serial link type socket,which makes it possible to route messages for instructing blocking i.e.irreversible incapacitating of vital functions of the electricalapparatus subjected to the authorization monitoring, as describedpreviously in the description in conjunction with FIG. 4a.

[0147] The ROM memory 2 ₁ b can advantageously comprise the set ofblocking or irreversible incapacitating instruction programs intendedfor the electrical apparatus EA.

[0148] Represented in FIG. 7b is a receiver associated with anelectrical apparatus in which the same references represent the sameelements as in the case of the embodiment of FIG. 7a. However, thisreceiver is a more elaborate receiver, which allows the implementationof a bidirectional link between the specialized transmitter and thereceiver associated with the electrical apparatus EA. The differenceswith regard to the embodiment of the receiver represented in FIG. 7arelate to the communication unit, bearing the reference 2 ₄ b, which isa bidirectional communication unit, and the Hertzian receiver module,bearing the reference 2 ₅ b, this module now being equipped with atransmitter. The receiver transmitter module 2 ₅ b then consists eitherof a Hertzian or carrier current based receiver/transmitter module.

1. A method for monitoring authorization of an electrical apparatusconnected to a network, on the basis of a specialized transmitter ofinformation messages, this electrical apparatus being equipped with areceiver of information messages, characterized in that this methodconsists: in sending from the specialized transmitter to said electricalapparatus a coded information message comprising at least one codedauthorization information item dependent on an authorization monitoringcode; in receiving said information message by means of said receiverwith which said electrical apparatus is equipped; in decoding said codedinformation message as a function of specific authorization dataintegrated into said receiver so as to generate decoded authorizationinformation; in instructing the authorization of said electricalapparatus if said decoded information satisfies said specific integratedauthorization data; in instructing the nonauthorization of saidelectrical apparatus otherwise.
 2. The method as claimed in claim 1,characterized in that said authorization monitoring code comprises atleast one field containing a numerical value representative of ageographical location of said electrical apparatus belonging to anauthorization monitoring zone.
 3. The method as claimed in claim 1 or 2,characterized in that said authorization monitoring code comprises atleast one field containing a numerical value representative of acondition undersigned by the user.
 4. The method as claimed in one ofclaims 1 to 3, characterized in that it consists in periodically sendingsaid coded information message to said electrical apparatus.
 5. Themethod as claimed in one of claims 1 to 4, characterized in that saidnetwork consists of one of the networks from the group local computernetwork, extended computer network, the local Hertzian network, thecellular radio telephony network, the electrical energy distributionnetwork equipped with sending of messages by carrier currents.
 6. Themethod as claimed in one of claims 1 to 5, characterized in that eachinformation message comprises at least one data field representative ofa duration of authorization of said electrical apparatus.
 7. The methodas claimed in one of claims 1 to 6, characterized in that each messageis signed, each signed message comprising a field of signedauthentication data, making it possible upon verification of signatureto decide whether said verified and decoded information satisfies saidspecific integrated authorization data.
 8. The method as claimed inclaim 7, characterized in that said data comprise at least one monitonicincreasing time-dependent value making it possible to avoid fraudulentreplay.
 9. The method as claimed in one of claims 1 to 8, characterizedin that it furthermore comprises steps for managing the monitoringmethod consisting at least in: sending from the specialized transmitterto said receiver an initiation message comprising at least said specificintegrated authorization data; sending, on request of said receiver,from the transmitter to said receiver, an authorization monitoringremoval message, said receiver, on receipt of said authorizationmonitoring removal message being reset to unrestricted operation;sending to said receiver, on request of a third party element belongingto said monitoring perimeter and ensuring surveillance of thismonitoring perimeter, a message of on-site blocking of said electricalapparatus, said on-site blocking message causing the disabling of anyvital function of said electrical apparatus; periodically sending saidreceiver a message for authentication of said transmitter; sending fromthe receiver to the transmitter an allegiance message, comprising anidentification code of said receiver; sending from the transmitter tothe receiver, in the absence of verification by the transmitter of saidallegiance message, a message instructing lockup of said receiver. 10.The method as claimed in one of claims 6 to 9, characterized in that,for an electrical energy distribution network equipped with sending ofmessages by carrier currents, said transmitter is placed on a site ofthis network such as MT/LT transformer, meter of consumption at asubscriber's premises.
 11. The method as claimed in claim 10,characterized in that said information messages comprise at least onedata field representative of an identification code of the MT/LTtransformer, or of the consumption meter.
 12. The method as claimed inone of claims 10 or 11, characterized in that said information messagescomprise at least one data field representative of the metering value ofsaid consumption meter.
 13. A specialized transmitter device for theimplementation of the method for monitoring authorization of anelectrical apparatus connected to a network according to one of claims 1to 12, this electrical apparatus being equipped with a receiver ofinformation messages and this specialized transmitter being adapted toallow the sending to this electrical apparatus of a coded informationmessage comprising at least one coded authorization information item forthis electrical apparatus dependent on an authorization monitoring code,characterized in that said specialized transmitter device comprises atleast: means for calculating an authorization monitoring code associatedwith at least one electrical apparatus; means for transmitting on saidnetwork coded information messages containing said coded authorizationinformation item dependent on this authorization monitoring code. 14.The device as claimed in claim 13, characterized in that it furthermorecomprises: an external computer socket allowing the interconnection ofsaid device with a device for external metering of fluid or energy; alinking module interconnected between the external computer socket andsaid means for calculating a monitoring code, said means of calculationreceiving from said fluid or energy meter a metering information itemmaking it possible to code said authorization monitoring code.
 15. Areceiver device equipping an electrical apparatus connected to a networkfor the implementation of the method according to one of claims 1 to 12,this receiver receiving coded information messages comprising at leastone coded authorization information item for this electrical apparatus,transmitted by a specialized transmitter, characterized in that saidreceiver comprises at least: means for receiving said coded informationmessages; means for decoding and verifying said coded authorizationinformation item; means for instructing authorization respectivelynonauthorization of said electrical apparatus as a function of theverification of said coded authorization information item.
 16. Thereceiver device as claimed in one of claims 13, 14 or 15, characterizedin that said means of transmission of the specialized transmitter beingequipped with a receiver and said means of reception of the receiverassociated with the electrical apparatus being equipped with atransmitter, the communication between the specialized transmitter andthe receiver associated with the electrical apparatus is bidirectional.